Preserving Proxy Addresses in Office 365 Post-Transition

This article is intended to provide the information necessary for Office 365 (O365) administrators to prevent proxy addresses from being overwritten when running Directory Synchronization for O365 (DirSync v2).

In BPOS, proxy addresses were written to user objects and updated as added, but only PRIOR to assigning a license to the object. Once the license was assigned, the proxy addresses had to be updated manually. We have found that many customers ceased adding the requisite proxy addresses on-premises in AD and only added them to the BPOS user object via the Microsoft Online Administration Center (MOAC). This has presented a major issue for customers transitioning to O365, as the new DirSync v2 does not have the limitation that the previous tool did.

In order to prevent overwriting/deleting the proxy addresses transitioned from BPOS, you will need to make sure the addresses are input into your on-premises AD. To assist with this, I’m providing a couple scripts for this purpose.

Export Users with Proxy Addresses (this will require the use of the Microsoft Online Services Transporter Suite) rename to users.ps1:
## Script Start
Write-host (“This script will pull out from a BPOS subscriptions the users that have a proxy address set to a specified domain”)
Write-host (“If the domain is not provided the list of all enabled users is returned”)
Write-host (“It is possible to redirect the output to csv file, in this case, all proxy addresses for the users are returned”)
Write-host (“”)

Write-host “Insert the admin account (ex:admin@contoso.emea.microsoftonline.com):” -foregroundcolor red
$admin = Read-Host

Write-Host “Insert the proxy address (@domain.xyz):” -foregroundcolor yellow
$paddress= Read-Host
$paddress= “*”+$paddress

Write-Host “Path and file name for the optional csv (like: c:\temp\export.csv):” -foregroundcolor green
$file= Read-Host

$cred = get-credential -credential $admin
$userlist = Get-MSOnlineUser -Enabled -SourceDetail full -resultsize 50000 -Credential $cred | where-object {$_.Proxyaddresses -like $paddress}
Write-host (“Processing…”)
Write-host (“==============================================”)
Write-host (“Found ” + $userlist.count + ” objects”) -ForegroundColor blue
Write-host (“==============================================”)
$pro=””;
$proID=””;
$header=”Identity,ProxyAddresses,objectGUID”;
foreach($user in $userlist)
{

$proID = $proID + $user.Identity +[environment]::NewLine
$pro = $pro + $user.Identity + “,”

$proxyCount = $user.proxyaddresses.count
$counter = 1
foreach($proxy in $user.proxyaddresses)
{
If ($counter -eq $proxyCount){
$pro = $pro + $proxy.proxyaddress + “,”
}
else{
$pro = $pro + $proxy.proxyaddress + “;”
}
$Counter++

}
$pro = $pro + $user.SourceUID
# Write-Host $pro -foregroundcolor yellow
$pro = $pro + [environment]::NewLine
#Write-Host $pro -foregroundcolor blue
#read-host
}
$pro = $header + [environment]::NewLine + $pro
#$pro
if ($file -eq “”) {$proID}
else {$pro > $file}
Write-Host “====== End Script =====” -foregroundcolor magenta
## Script End

Script to Import proxy address to local AD (rename to ImportProxyAddresses.ps1):
## Script Start
############################################################################

# input file path – make sure file is in same directory as script
# or specify fully qualified path
$inputCSVFile = get-item ./exportuser.csv

# regular expression to match string that starts with uppercase ‘SMTP:’ chars
$SMTPRegex = New-Object system.text.regularexpressions.regex(“^SMTP:”)

# define variables for PutEX() operatinos
$ADS_PROPERTY_CLEAR = 1
$ADS_PROPERTY_UPDATE = 2
$ADS_PROPERTY_APPEND = 3
$ADS_PROPERTY_DELETE = 4

# integer to hold number of users processed from CSV file
$intUserTotal

# integer to hold number of users touched
$intTouchedUsers = 0

# import the CSV list of users
Import-Csv -Path $inputCSVFile |

# loop through each user in the csv file
ForEach-Object {

$intUserTotal++

# build a valid GUID & bind to the user
$GUID = $_.objectGUID.trim(“X'”)
$strGUIDBind = [String]::Format(“LDAP://”,$GUID)
$user = [ADSI]$strGUIDBind

# store the list of proxyaddresses for the current AD user
$ADProxyAddress = $user.properties.proxyAddresses

# store a list of proxyaddresses in the file for the current user
$FileProxyAddress = $_.”proxyaddresses”.split(“;”)

# create an array to hold the proxyaddresses we want to add to AD
$arrAdd = @()

# create an arraylist to hold the proxyaddresses we want to remove from AD
$arrRemove = New-Object system.collections.arraylist

# loop through proxyaddresses in the file
foreach ($strAddress in $FileProxyAddress) {

# if the list of AD proxyaddresses does not contain the current file proxyaddress
if (-not ($ADProxyAddress -ccontains $strAddress) ) {

# add it to the list of addresses to add to AD
$arrAdd += $strAddress
}
else # add the existing primary SMTP address in AD to the list of addresses to delete from AD
# – we will remove this later if it already exists in the file
{
$ADProxyAddress | ForEach-Object {
if ($SMTPRegex.IsMatch($_)) {
if ($arrRemove -notcontains $_) {[void]$arrRemove.Add($_)}
}
}
}
} # end foreach

# loop through the list of file proxyaddresses
$FileProxyAddress | ForEach-Object {

# if the file contains a primary SMTP address in the ‘remove’ list, remove it from the list
# this will stop the removal of existing valid SMTP addresses that are in AD & the file.
if ($arrRemove -ccontains $_) {
$arrRemove.remove($_)
}
}

“`n”
“——————————”
$user.properties.samaccountname
“——————————”

if ($arrAdd.count -gt 0) {
“Adding: $arrAdd”
$intTouchedUsers++
# append the array of new secondary (lowercase) addresses
$user.putex($ADS_PROPERTY_APPEND,”ProxyAddresses”,$arrAdd)
$user.Setinfo()
}

if ($arrRemove) {
“Removing: $arrRemove”
# remove the existing primary (uppercase) SMTP address
$user.putex($ADS_PROPERTY_DELETE,”ProxyAddresses”,(,”$arrRemove”))
$user.Setinfo()
}
}

“Number of users found in input file: $intUserTotal”
“Number of users where the proxyAddresses attribute was updated: $intTouchedUsers ”

############################################################################
## Script End

Further instructions for using these scripts.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: